What is the Children’s Online Privacy Protection Act (COPPA)?
The Children’s Online Privacy Protection Act (COPPA) is a U.S. law enacted in 1998 which regulates the collection and use of information from children under the age of thirteen by commercial website or online service operators. COPPA requires functioning hyperlinks to a website’s privacy policy on every page that collects personal data. It requires operators to provide notice of what information is collected, how the information is used and disclosed, and to obtain “verifiable parental consent for the collection, use, or disclosure of personal information from children”. Under COPPA, parents may obtain from operators a description of the information collected (as well as the information itself), and may refuse to permit operators from collecting, using or maintaining information on their children. Operators cannot condition a child’s participation in a web site on the child’s disclosure of personal information. Operators must “…establish and maintain reasonable procedures to protect the confidentiality, security, and integrity of personal information collected from children.” COPPA is enforced by the FTC and States attorney generals. It does not preempt consistent state laws.